Panda Security: Recent Stock Market Decline Causes Economic Cyber-Crime to Hit All Time High
October 2008 by Panda Security
PandaLabs, Panda Security’s malware analysis and detection laboratory, issued a security alert that reveals a direct correlation between the recent stock market volatility and the growth of new threats. According to PandaLabs, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts at PandaLabs believe the recent spike in malware could be related to cyber-criminals now having fewer possible targets as a result of consolidation within the banking industry.
“When we began looking into the specific effects cyber-criminals had on the economy during times of duress we found a startling connection: the criminal economy is closely interrelated with the economy,” said Luis Corrons, Technical Director at PandaLabs. “Based on our extensive research and analysis of emerging malware patterns, we believe that criminal organizations are closely watching market performance and adapting as needed to ensure maximum profit.”
According to PandaLabs, the new strategy appears to be developed in response to banking industry consolidation brought on by the multi-million-dollar bank bailout packages introduced by several governments around the World. As a result of this consolidation, fewer banking entities will exist in the long term and the perception of instability in the financial community makes for a less attractive target. This situation has increased the volume of other types of malware such as adware, which under normal circumstances would be second to Trojans.
“Cyber-criminals have to increase their activity to reach more users with campaigns designed to put money directly into their pockets, especially during times of economic instability. For example, we have seen a surge in the number of fake antivirus software scams that trick unsuspecting consumers into making an online transaction, instead of criminals relying heavily on phishing the credentials for banks,” explains Corrons. “Our data also shows that these fake antivirus campaigns are generating over 10 million euros in profit each month for the underground economy.”
The following are highlights of PandaLabs’ key findings:
• On average, the US stock market experienced between a 3 to 7 percent decline from Sept. 1st to Oct. 9th. However, activity on the “malware markets” was the opposite: it grew substantially as the stock markets declined.
• From Sept. 5th to 16th, the Dow Jones Industrial Average, NASDAQ, S&P 500 and Composite Index all dropped from the plus 0.0 percent range to approximately negative 3.0 percent or lower (See Figure #1). In the same period the Spanish IBEX 35 index and the London FTSE 100 also suffered major losses. The same timeframe witnessed a significant surge in daily malware threats; for example from Sept. 8th to Sept 10th the volume of daily threats grew from 10,150 to well over 24,000.
• From Sept. 14th to 16th, stock markets dropped from -0.5 to -5.5 percent while daily threats grew 50 percent each day, from 8,276 on the 14th to over 31,404 on the 16th (See Figure #2).
The graphs below represent these figures and clearly show that when the markets are doing poorly, cyber-criminals are capitalizing on weakened economic states to reap huge financial rewards. For example, Figure #3 shows the general decline of the DJIA, NASDAQ, S&P 500, FTSE 100, IBEX 35 and the Composite Index for a period of one and a half months and indicates several points of notable loss. When comparing this graph to the malware evolution graph (Figure #4) from Sept. 1st to Oct. 9th, it clearly shows that when the markets are unstable, cybercrime is significantly higher.
Figure # 1 – Stock market evolutions (Sept. 5th to Sept. 15th) – source: moneycentral.msn.com
Figure # 2 – Threat evolution with key highlights (Sept. 5th to Sept. 16th) – source: PandaLabs
Figure # 3 – Stock market evolutions (Sept. 1st to Oct. 9th) – source: moneycentral.msn.com
Figure #4 – Threat evolutions with key highlights (Sept. 1st to Oct. 9th) – source: PandaLabs
“As evidenced by this compelling data, there will be no end to the persistence and pervasiveness of cybercriminals and their attempts at exploiting malware for financial gain,” said Corrons. “Regardless of the economic state we’re in, cybercriminals are continually adjusting their strategies and, from this evidence, are capitalizing on economic lows to prey on unsuspecting victims. By remaining vigilant and aware of these findings, we are better prepared to protect ourselves and the economy from the very real dangers of malware.”